|Publication number||US7909245 B1|
|Application number||US 12/413,944|
|Publication date||Mar 22, 2011|
|Filing date||Mar 30, 2009|
|Priority date||Dec 15, 2005|
|Also published as||US7527192|
|Publication number||12413944, 413944, US 7909245 B1, US 7909245B1, US-B1-7909245, US7909245 B1, US7909245B1|
|Inventors||Deborah Chaskin, David M. Williamson|
|Original Assignee||At&T Intellectual Property Ii, L.P.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (14), Non-Patent Citations (1), Referenced by (5), Classifications (13), Legal Events (2)|
|External Links: USPTO, USPTO Assignment, Espacenet|
This application is a continuation of and claims priority to co-pending U.S. patent application Ser. No. 11/300,653 filed Dec. 15, 2005, now allowed, which is incorporated herein by reference in its entirety.
The present invention generally relates to telecommunications services, more particularly to a network based method of providing access to information, through the use of secure identification elements, more particularly to the issuance of secure identification numbers, mapped to personal information.
Identity theft has increasingly become a problem in recent times. Personal and confidential information of individuals is more accessible today than ever before. The problem is magnified in light of people transacting business on the internet using credit cards and providing identification numbers, such as a Social Security Number, to any number of different entities.
Identity theft is made worse when a person's Social Security Number is stolen. A person's Social Security Number gives access to vast amounts of confidential information. In addition, a Social Security Number can not easily be replaced. Unauthorized access to a person's Social Security Number gives the potential for serious damage to a person's credit and other financial data.
Personal identification information or numbers, such as a Social Security Number, is often required by various entities in order to process a customer transaction. For instance, a Social Security Number may be necessary in order to apply for a loan or a credit card or when enrolling in school. With the use of personal identification numbers being so commonplace, it is important to maintain the confidentiality of the number and the information associated with it.
Therefore, there is an urgent need to provide a method for protecting an individual's personal identification information that is easily implemented and managed by a trusted entity.
The present invention pertains to a method of providing access to information by issuing secure identification elements that may be used in place of actual identification elements to protect user confidentiality.
In one aspect, there is provided a method of retrieving information including receiving a request for information at a processing agent by way of a secure identification element. The secure identification element is then authenticated and the request is then processed by the processing agent including mapping the secure identification element to the information via a user's identification number.
In another aspect of the invention, there is provided a method of generating a secure identification element including receiving a request for such element and generating the secure identification element from a database or random generation process of such elements. The secure identification element is then transmitted to the user.
In yet another aspect of the invention, a network based method of providing access to information is generally implemented with a user access system and a telecommunications network, managed by a trusted entity or a trusted third party. In one example, an access system may include a database, a processing agent and a software mapping manager.
The foregoing summary of the invention, as well as the following detailed description of the preferred embodiments, is better understood when read in conjunction with the accompanying drawings, which are included by way of example and not by way of limitation with regard to the claimed invention:
The following embodiments and aspects thereof are described and illustrated in conjunction with systems tools and methods which are meant to be illustrative and non-limiting in scope. In a brief overview, a method of providing access to information is generally implemented with a user access system and a telecommunications network, managed by a trusted entity or a trusted third party. The trusted entity may be a data repository that may maintain user access rights, as well as secure identification elements and information segments including a user's personal information. Secure identification elements may be elements generated at the request of the user that may be logically linked to a user's personal or confidential information via a user identification element, such as a Social Security Number or other unique identification number. For example, the secure identification element may be a virtual Social Security Number that is logically linked to a user's personal information via the user's Social Security Number. The secure identification element may be used by a requesting entity to access the personal or confidential information of the user. Information segments may be data or documents relating to credit information, financial information, or other confidential information of the user.
The access system 12 may be implemented with a general purpose computing device in the form of a host computer, including one or more central processing units, a system memory, and a system bus that couples various system components including the system memory, to the central processing unit. The system bus may be any one of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any one of a variety of bus architectures. The general purpose computing device may have an exemplary operating system such as MICROSOFT WINDOWS®, WINDOWS NT®, UNIX®, or LINUX®. The system memory includes read only memory (“ROM”) and random access memory (“RAM”). The general purpose computer device can be any host computer systems configured to operate with devices that can interface with access system 12, including telecommunication switches.
The processing agent 24 and mapping agent 26 herein may be embodied as computer readable instructions stored on a computer readable medium such as a CD-ROM, DVD ROM, removable storage device, hard disk, system memory, embedded memory, flash memory or other data storage medium. The computer readable medium stores computer executable components, or software modules. More or fewer software modules may alternatively be used. Each component or module may be an executable program, a data link library, a configuration file, a database, a graphical image, a binary data file, a text data file, an object file, a source code file, or the like. When one or more computer processors execute one or more of the software modules, the software modules interact to cause one or more computer systems to perform according to the teachings of the present invention.
The access process includes collecting or receiving information about the user. The information may include general information e.g., address, date of birth, telephone number. The information may also include the user's Social Security Number or another type of identification element of the user. The identification element of the user provided acts as the link between the secure identification element issued and the personal information requested. The personal information requested may include credit history, account information or loan history.
In an alternate embodiment, the registration process may include collecting biometric data of the user. The data may include an eye or retinal scan, fingerprint, DNA or facial scan. The information, in addition to the personal information above, may be used to authenticate the user of the secure identification element or to verify the user upon subsequent logins to the access system. For instance, upon subsequent logins, the user may have to put in his or her zip code or allow for a retinal scan in order to access his or her account.
The customer may reach access system 12 via an access communications network 36 that is coupled to the access system 12. The access network may include the Internet 18 and World Wide Web for allowing the customer to enroll and register with the system. Alternatively, the access network may also be a public switched telephone network 14 for enabling the customer to create a telephony connection or telephone call to interface with the access system. As a further alternative, the access network may be a wireless network 16. It should be appreciated that access network may include a plurality of differing networks—for example, a local, national, international telecommunications network, cellular, or Personal Communication Services (PCS) network, cable television, satellite telecommunications networks and/or any other suitable network. It should be recognized that any device that provides network connectivity—such as a landline telephone, a wireless telephony device, a personal computer, or a laptop with a modem, a telephony-enabled personal digital assistant, a handheld terminal device, a palm-sized computer, an IP-enabled telephone—may be used to link access network for coupling to access system.
Upon completion of the registration process, a user account is established containing the personal information of the user. This user account may be identified by the identification element of the user. As shown in
The database 28 may include a secure identification element 20 that may be issued to the user. Additional secure identification elements 20(a), 20(b), 20(c) . . . 20(n) may be generated by the system and stored in the database 28 until requested by the user, as illustrated in
It is to be understood that the database 28 comprises a computer-readable storage device that may include one or more magnetic disk drives or, alternatively, optical disk drives such as Compact Disk ROMs, or DVD drives. It should be appreciated that database 28 and associated computer-readable media provide nonvolatile storage of computer-readable code including a plurality of customer records associated to a plurality of customer accounts for an authentication service of the present invention.
Once the secure identification element 20 is generated and transmitted to the user 22, the user may submit the secure identification element 20 to a requesting entity 34 attempting to access the user's personal information. The secure identification element 20 may be submitted to the requesting entity 34 in lieu of the user's identification element, e.g., Social Security Number. The requesting entity 34 may then access the user's personal information by submitting the secure identification element to the trusted entity. In addition, the requesting entity may see a listing of what privileges or information are accessible to them with that particular secure identification element.
In order to access the personal information of the user by way of the secure identification element 20, the secure identification element 20 is provided to the processing agent 24 of the trusted entity 10. The processing agent 24 may be a general purpose computing device of a type similar to that described in the foregoing. As the secure identification element 20 is provided to the processing agent 24, the processing agent 24 authenticates the validity of the secure identification element 20 by confirming the existence of the secure identification element 20 in the secure user's database 28 or other method. In one embodiment, the secure identification element may have an internal checksum to prevent guessing.
Once authenticated, the secure identification element 20 is mapped to the user's personal information by way of the trusted entity's 10 software mapping agent 26. The mapping agent 26 will map the secure identification element 20 to the user's personal information by way of the user's identification element. This mapping function is performed by the trusted entity 10 by way of the software mapping agent 26. The software mapping agent logically links the secure identification element to the personal information of the user via the identification element provided by the user. The mapping function may include associating the secure identification element with the user's identification element or to the information itself. The information may be various classes of information. For example, a person's credit history may be one class of information, while their loan history or current financial information may be another class. The secure identification element may be mapped to all information or to one or more than one class of information.
The mapping function may also include associating the secure identification element with the requesting entity. For example, the secure identification element may be logically linked to the user's Social Security Number and the information associated with it for use by a single requesting entity. In one embodiment, the secure identification element is restricted to use by a particular requesting entity.
In one embodiment, the mapping performed by the mapping agent is kept confidential. It may be known only to entities such as the user or the Internal Revenue Service.
Once the information is accessed via the mapping function, an information segment 32 is transmitted to the requesting entity 34. In one embodiment, once the information segment 32 has been transmitted to the requesting entity 34, the secure identification element 20 used to access that information may no longer be valid. In an alternative embodiment also discussed below, the secure identification element 20 submitted to the requesting entity 34 may be used only by that requesting entity 34 to gain access to the protected information.
With reference to
At block 102, the system prompts the user to enter the user's information to create an account and if desired, a personal identification number. At block 104, the account is established and a secure identification element is generated for the user. The secure identification element 20 is logically linked to the personal information of the user by way of the user's identification element. The secure identification elements may be computer readable data or visually readable data. Also at block 104, the secure identification element is then transmitted to the user. The secure identification element may be transmitted as computer readable data via secure email, facsimile or text message, or an encrypted transmission to the user. In addition, the secure identification element may be transmitted via mail or an alternate letter delivery service.
At block 106, the secure identification element is submitted, by the user, to a requesting entity. The requesting entity may be any type of entity seeking access to the user's personal information. At block 108, the secure identification element is submitted to the trusted entity by the requesting entity. At block 110, the processing agent of the trusted entity validates and authenticates the secure identification element submitted. This process may include accessing the database to ensure that the personal information requested is for the user associated with that secure identification element. If the secure identification element is valid for that user, the processing agent directs the software mapping agent to proceed to identify the personal information requested.
At block 112, the software mapping agent of the trusted entity identifies the personal information of the user. This is accomplished by mapping the secure identification element to the personal information via the user's identification element that is associated with such personal information. Once the information is identified, an information segment may be transmitted to the requesting entity, as in block 114.
One advantage of this method of protecting information can be seen with the use of Social Security Numbers. The user may use secure identification elements, such as a virtual Social Security Number, generated by the system in place of a identification element, such as a Social Security Number. The secure identification element may be submitted to any requesting entity, such as a financial institution, to access the user's personal information that would be associated with the user's Social Security Number. The bank may submit the secure identification element to the trusted entity to access the information. The trusted entity may validate the secure identification number and, if valid, map the secure identification number to the user's personal information via the user's Social Security Number. The bank may then access the user's personal information without requiring the user to divulge his or her Social Security Number.
In reference to
In addition, the user account may be established to allow only one secure requesting entity to access the user's personal information with a certain secure identification element, as in block 120. If the secure identification element is requesting entity specific, then only that requesting entity specified will be permitted to use that secure identification element, as in block 132. If the secure identification element is not requesting entity specific, then additional requesting entities may be permitted to use that secure identification element, as in block 134.
In block 122, the validity of the secure identification element may also be maintained until that secure identification element is deleted. If the secure identification element is deleted, it can no longer be used by the requesting entity, or by the user, as in block 142. If the secure identification element is not deleted, it may be reused by the user, as in block 140. In one embodiment, the trusted entity may guarantee to the requesting entity that the secure identification element will be valid for a given period of time. This may provide security to the requesting entity from fraudulent users. For example, a user may provide a secure identification element to a requesting entity that is a financial institution in order to obtain a loan. If the validity of the secure identification element were not guaranteed for a given period of time, the user may delete the secure identification element and default on the loan. That may leave the financial institution with little recourse against the defaulting user without access to the information linked to the secure identification element.
In an alternative embodiment shown in
In yet another alternative embodiment, as shown in
One advantage of the extracting step shown in
A fee may be associated with the use of this system. Such fee may be monetary. In addition, the use of the system by the requesting entity may result in a rewards type benefit for the user. For instance, additional allotted minutes, discounts or other rewards may be credited to the user each time a requesting entity accesses that user's information.
In one embodiment, the trusted entity may keep a history of active and deleted secure identification elements. This may be done for audit purposes. The history may be displayed on a graphical user interface and the user may be allowed to view this history.
The foregoing detailed description has set forth various embodiments of the devices and/or processes via the use of block diagrams, flowcharts, and examples. Insofar as such block diagrams, flowcharts, and examples contain one or more functions and/or operations, it will be understood by those within the art that each function and/or operation within such block diagrams, flowcharts, or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or any combination thereof. Those skilled in the art will recognize that the embodiments disclosed herein, in whole or in part, can be implemented in standard Integrated Circuits, as a computer program running on a computer, as a program running on a processor, as firmware, or as virtually any combination thereof and that designing the circuitry and/or writing the code for the software or firmware would be well within the skill of one of ordinary skill in the art in light of this disclosure.
A network based computer implemented method of providing access to information is generally implemented with a user access system and a telecommunications network, managed by a trusted entity or a trusted third party. In one example, an access system may include a database, a processing agent and a software mapping manager. Such components have been described above and in reference to the above described figures.
Although the invention has been defined using the appended claims, these claims are exemplary in that the invention may be intended to include the elements and steps described herein in any combination or sub combination. Accordingly, there are any number of alternative combinations for defining the invention, which incorporate one or more elements from the specification, including the description, claims, and drawings, in various combinations or sub combinations. It will be apparent to those skilled in the relevant technology, in light of the present specification, that alternate combinations of aspects of the invention, either alone or in combination with one or more elements or steps defined herein, may be utilized as modifications or alterations of the invention or as part of the invention. It may be intended that the written description of the invention contained herein covers all such modifications and alterations.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US6389402||Jun 9, 1999||May 14, 2002||Intertrust Technologies Corp.||Systems and methods for secure transaction management and electronic rights protection|
|US6879965||Jun 14, 2001||Apr 12, 2005||Passgate Corporation||Method, system and computer readable medium for web site account and e-commerce management from a central location|
|US7025255||Feb 3, 2003||Apr 11, 2006||Diebold, Incorporated||Application service provider and automated transaction machine system and method|
|US7047416||Aug 6, 2001||May 16, 2006||First Data Corporation||Account-based digital signature (ABDS) system|
|US7069249||May 19, 2003||Jun 27, 2006||Iprivacy, Llc||Electronic purchase of goods over a communications network including physical delivery while securing private and personal information of the purchasing party|
|US7089584||May 24, 2000||Aug 8, 2006||Sun Microsystems, Inc.||Security architecture for integration of enterprise information system with J2EE platform|
|US7155508||Apr 4, 2001||Dec 26, 2006||Yodlee.Com, Inc.||Target information generation and ad server|
|US20020147618 *||Feb 1, 2002||Oct 10, 2002||Mezrah Todd M.||Online insurance sales platform|
|US20030021417||May 15, 2002||Jan 30, 2003||Ognjen Vasic||Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data|
|US20030084339||Oct 25, 2001||May 1, 2003||International Business Machines Corporation||Hiding sensitive information|
|US20060101508 *||Jun 9, 2005||May 11, 2006||Taylor John M||Identity verification system|
|US20060200855 *||Mar 6, 2006||Sep 7, 2006||Willis Taun E||Electronic verification systems|
|US20060247991||Sep 28, 2005||Nov 2, 2006||American Express Marketing & Development Corp.||System, method, and computer program product for searching credit agencies using partial identification numbers|
|US20060248045||Jul 22, 2004||Nov 2, 2006||Kinor Technologies Inc.||Information access using ontologies|
|1||Caroline E. Mayer, "Virtual Card Offers Online Security Blanket", http://www.washingtonpost.com/wp-dyn/content/article/2005/09/30/AR2005093001679.html.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US9047253||Mar 14, 2013||Jun 2, 2015||Ca, Inc.||Detecting false statement using multiple modalities|
|US9055071||Mar 14, 2013||Jun 9, 2015||Ca, Inc.||Automated false statement alerts|
|US9208326 *||Mar 14, 2013||Dec 8, 2015||Ca, Inc.||Managing and predicting privacy preferences based on automated detection of physical reaction|
|US9256748||Mar 14, 2013||Feb 9, 2016||Ca, Inc.||Visual based malicious activity detection|
|US20100313273 *||Dec 9, 2010||Walter Stewart Freas||Securing or Protecting from Theft, Social Security or Other Sensitive Numbers in a Computerized Environment|
|U.S. Classification||235/379, 235/382, 235/487|
|International Classification||G07F19/00, G07D11/00, G06Q40/00|
|Cooperative Classification||G07C9/00166, G06Q10/10, G07C9/00158, H04L63/10|
|European Classification||G07C9/00C4, G06Q10/10, H04L63/10|
|Aug 24, 2009||AS||Assignment|
Owner name: AT&T PROPERTIES, LLC, NEVADA
Effective date: 20090821
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AT&T CORP.;REEL/FRAME:023138/0235
Effective date: 20090821
Owner name: AT&T INTELLECTUAL PROPERTY II, L.P., NEVADA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AT&T PROPERTIES, LLC;REEL/FRAME:023138/0245
|Aug 25, 2014||FPAY||Fee payment|
Year of fee payment: 4